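---
# Installs the LDAP proxy's TLS private key, certificate and CA certificate.
# The material comes either from files on the controller
# (ldap_proxy_tls_source_use_files) or from inline variable content
# (ldap_proxy_tls_source_use_content). The same *_source variables are read as
# a path in the first case and as the file body in the second.
- block:
    - name: Create tls folder structure
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        # NOTE(review): no mode is set here, so a newly created directory takes
        # its permissions from the umask in effect on the target. Set one
        # explicitly if the key directory must not be world-traversable; the
        # ldap user still needs search (x) permission to reach the files.
        selevel: s0
        serole: object_r
        setype: slapd_cert_t
        seuser: system_u
      loop:
        - "{{ ldap_proxy_tls_cert_path | dirname }}"
        - "{{ ldap_proxy_tls_key_path | dirname }}"
        - "{{ ldap_proxy_tls_ca_path | dirname }}"

    - name: Copy certs and private key (file)
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: ldap
        group: ldap
        mode: "{{ item.mode }}"
        selevel: s0
        serole: object_r
        setype: slapd_cert_t
        seuser: system_u
      loop:
        # Private key: readable by its owner only.
        - src: "{{ ldap_proxy_tls_key_source }}"
          dest: "{{ ldap_proxy_tls_key_path }}"
          mode: '0600'
        - src: "{{ ldap_proxy_tls_cert_source }}"
          dest: "{{ ldap_proxy_tls_cert_path }}"
          mode: '0640'
        - src: "{{ ldap_proxy_tls_ca_source }}"
          dest: "{{ ldap_proxy_tls_ca_path }}"
          mode: '0640'
      loop_control:
        # Print only the destination path per item, not the whole item.
        label: "{{ item.dest }}"
      when: ldap_proxy_tls_source_use_files

    - name: Copy certs and private key (content)
      copy:
        content: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: ldap
        group: ldap
        mode: "{{ item.mode }}"
        selevel: s0
        serole: object_r
        setype: slapd_cert_t
        seuser: system_u
      loop:
        # Here item.src carries the private key itself, not a path to it.
        - src: "{{ ldap_proxy_tls_key_source }}"
          dest: "{{ ldap_proxy_tls_key_path }}"
          mode: '0600'
        - src: "{{ ldap_proxy_tls_cert_source }}"
          dest: "{{ ldap_proxy_tls_cert_path }}"
          mode: '0640'
        - src: "{{ ldap_proxy_tls_ca_source }}"
          dest: "{{ ldap_proxy_tls_ca_path }}"
          mode: '0640'
      loop_control:
        label: "{{ item.dest }}"
      # The loop label only shortens the per-item line; the item and the
      # rendered file body can still appear in verbose or --diff output.
      # no_log keeps the key material out of task output and logs.
      # Trade-off: a failure in this task is reported without its details.
      no_log: true
      when: ldap_proxy_tls_source_use_content
  # NOTE(review): the source page is collapsed onto one line; become is read
  # here as block-level, so all three tasks run as root - confirm.
  become: true
  become_user: root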